Vendor CVEs
Apple Inc.
All CVEs
8,452 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1773 | Low | 0.21 | 3.3 | 0.00 | Mar 24, 2016 | The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | ||
| CVE-2026-20671 | Low | 0.20 | 3.1 | 0.00 | Feb 11, 2026 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may… | ||
| CVE-2025-43531 | Low | 0.20 | 3.1 | 0.00 | Dec 17, 2025 | A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected… | ||
| CVE-2020-3894 | Low | 0.20 | 3.1 | 0.01 | Apr 1, 2020 | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. | ||
| CVE-2017-2383 | Low | 0.20 | 3.1 | 0.00 | Apr 2, 2017 | An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track… | ||
| CVE-2016-4583 | Low | 0.20 | 3.1 | 0.02 | Jul 22, 2016 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. | ||
| CVE-2016-4740 | Low | 0.19 | 2.9 | 0.00 | Sep 18, 2016 | Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2025-43532 | Low | 0.18 | 2.8 | 0.00 | Dec 12, 2025 | A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing malicious data… | ||
| CVE-2025-43365 | Low | 0.18 | 2.8 | 0.00 | Nov 4, 2025 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes. | ||
| CVE-2025-43349 | Low | 0.18 | 2.8 | 0.00 | Sep 15, 2025 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted video file… | ||
| CVE-2024-40864 | Low | 0.18 | 2.7 | 0.01 | Mar 31, 2025 | The issue was addressed with improved handling of protocols. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.2, watchOS 11.2. An attacker in a privileged network position may be able to track a user's… | ||
| CVE-2024-54558 | Low | 0.18 | 2.8 | 0.00 | Mar 10, 2025 | A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. | ||
| CVE-2025-43410 | Low | 0.16 | 2.4 | 0.00 | Dec 12, 2025 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes. | ||
| CVE-2025-31216 | Low | 0.16 | 2.4 | 0.00 | Nov 21, 2025 | The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to override managed Wi-Fi profiles. | ||
| CVE-2025-43408 | Low | 0.16 | 2.4 | 0.00 | Nov 4, 2025 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An attacker with physical access may be able to access contacts from the lock screen. | ||
| CVE-2025-43350 | Low | 0.16 | 2.4 | 0.00 | Nov 4, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen. | ||
| CVE-2025-43309 | Low | 0.16 | 2.4 | 0.00 | Nov 4, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | ||
| CVE-2025-30469 | Low | 0.16 | 2.4 | 0.00 | Mar 31, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | ||
| CVE-2025-24193 | Low | 0.16 | 2.4 | 0.00 | Mar 31, 2025 | This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos. | ||
| CVE-2024-44179 | Low | 0.16 | 2.4 | 0.00 | Mar 10, 2025 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen. | ||
| CVE-2024-40839 | Low | 0.16 | 2.4 | 0.00 | Jan 15, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | ||
| CVE-2024-54485 | Low | 0.16 | 2.4 | 0.00 | Dec 12, 2024 | The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen. | ||
| CVE-2024-44265 | Low | 0.16 | 2.4 | 0.01 | Oct 28, 2024 | The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device. | ||
| CVE-2024-44251 | Low | 0.16 | 2.4 | 0.00 | Oct 28, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. | ||
| CVE-2024-40851 | Low | 0.16 | 2.4 | 0.00 | Oct 28, 2024 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen. | ||
| CVE-2024-44180 | Low | 0.16 | 2.4 | 0.00 | Sep 17, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | ||
| CVE-2024-44139 | Low | 0.16 | 2.4 | 0.00 | Sep 17, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | ||
| CVE-2024-40822 | Low | 0.16 | 2.4 | 0.00 | Jul 29, 2024 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock… | ||
| CVE-2024-27862 | Low | 0.16 | 2.4 | 0.01 | Jul 29, 2024 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled. | ||
| CVE-2024-27819 | Low | 0.16 | 2.4 | 0.00 | Jun 10, 2024 | The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen. | ||
| CVE-2024-27814 | Low | 0.16 | 2.4 | 0.00 | Jun 10, 2024 | This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen. | ||
| CVE-2024-27835 | Low | 0.16 | 2.4 | 0.00 | May 14, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen. | ||
| CVE-2024-27803 | Low | 0.16 | 2.4 | 0.00 | May 14, 2024 | A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen. | ||
| CVE-2024-23255 | Low | 0.16 | 2.4 | 0.01 | Mar 8, 2024 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication. | ||
| CVE-2024-23240 | Low | 0.16 | 2.4 | 0.00 | Mar 8, 2024 | The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. | ||
| CVE-2024-0230 | Low | 0.16 | 2.4 | 0.01 | Jan 12, 2024 | A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. | ||
| CVE-2023-40529 | Low | 0.16 | 2.4 | 0.00 | Jan 10, 2024 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information. | ||
| CVE-2023-42874 | Low | 0.16 | 2.4 | 0.00 | Dec 12, 2023 | This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. | ||
| CVE-2022-46724 | Low | 0.16 | 2.4 | 0.00 | Aug 14, 2023 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen. | ||
| CVE-2023-32417 | Low | 0.16 | 2.4 | 0.00 | Jun 23, 2023 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features. | ||
| CVE-2023-32394 | Low | 0.16 | 2.4 | 0.00 | Jun 23, 2023 | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen. | ||
| CVE-2023-32390 | Low | 0.16 | 2.4 | 0.00 | Jun 23, 2023 | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup. | ||
| CVE-2023-32365 | Low | 0.16 | 2.4 | 0.00 | Jun 23, 2023 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. | ||
| CVE-2022-46717 | Low | 0.16 | 2.4 | 0.00 | Apr 10, 2023 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features | ||
| CVE-2022-32871 | Low | 0.16 | 2.4 | 0.00 | Apr 10, 2023 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information | ||
| CVE-2022-32879 | Low | 0.16 | 2.4 | 0.00 | Nov 1, 2022 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen. | ||
| CVE-2022-32870 | Low | 0.16 | 2.4 | 0.00 | Nov 1, 2022 | A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information. | ||
| CVE-2022-32867 | Low | 0.16 | 2.4 | 0.00 | Nov 1, 2022 | This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs. | ||
| CVE-2022-32872 | Low | 0.16 | 2.4 | 0.00 | Sep 20, 2022 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen. | ||
| CVE-2022-26703 | Low | 0.16 | 2.4 | 0.00 | May 26, 2022 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. |
- risk 0.21cvss 3.3epss 0.00
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
- risk 0.20cvss 3.1epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker in a privileged network position may…
- risk 0.20cvss 3.1epss 0.00
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected…
- risk 0.20cvss 3.1epss 0.01
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
- risk 0.20cvss 3.1epss 0.00
An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track…
- risk 0.20cvss 3.1epss 0.02
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
- risk 0.19cvss 2.9epss 0.00
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
- risk 0.18cvss 2.8epss 0.00
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing malicious data…
- risk 0.18cvss 2.8epss 0.00
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.
- risk 0.18cvss 2.8epss 0.00
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted video file…
- risk 0.18cvss 2.7epss 0.01
The issue was addressed with improved handling of protocols. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.2, watchOS 11.2. An attacker in a privileged network position may be able to track a user's…
- risk 0.18cvss 2.8epss 0.00
A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.2. An attacker with physical access may be able to view deleted notes.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to override managed Wi-Fi profiles.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An attacker with physical access may be able to access contacts from the lock screen.
- risk 0.16cvss 2.4epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen.
- risk 0.16cvss 2.4epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
- risk 0.16cvss 2.4epss 0.01
The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock…
- risk 0.16cvss 2.4epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.
- risk 0.16cvss 2.4epss 0.00
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
- risk 0.16cvss 2.4epss 0.01
An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
- risk 0.16cvss 2.4epss 0.01
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.
- risk 0.16cvss 2.4epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
- risk 0.16cvss 2.4epss 0.00
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features
- risk 0.16cvss 2.4epss 0.00
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information
- risk 0.16cvss 2.4epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.
- risk 0.16cvss 2.4epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information.
- risk 0.16cvss 2.4epss 0.00
This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs.
- risk 0.16cvss 2.4epss 0.00
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.
- risk 0.16cvss 2.4epss 0.00
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen.
Page 100 of 170